An encryption method fusing quantum key and post-quantum cryptographic algorithm
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SICHUAN LIANGSHANSHUILUOHE ELECTRICITY DEV CO LTD
- Filing Date
- 2026-04-15
- Publication Date
- 2026-06-23
AI Technical Summary
Existing technologies lack a physical layer true random entropy source in data encryption at hydropower terminals, resulting in insufficient randomness in the encryption system, making it vulnerable to quantum mechanics and posing security risks.
The QKD device using the BB84 protocol generates the original quantum key, and then generates the seed, lattice noise scaling factor and quantum enhanced session base key through hash derivation. Combined with the characteristics of hydropower terminal operation data, a quantum derivation mask is generated and XORed. The post-quantum encryption algorithm is used to generate multi-layer encrypted ciphertext, and the data transmission integrity is ensured by combining the check code.
It enhances the encryption system's resistance to attacks and long-term operational security, strengthens the randomness and unpredictability of encryption keys, provides stronger resistance to quantum cracking, and ensures the security and integrity of data transmission.
Smart Images

Figure CN122053064B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data encryption technology, specifically to an encryption method that integrates quantum key distribution and post-quantum cryptography algorithms. Background Technology
[0002] With the rapid development of quantum computing technology, traditional public-key cryptography algorithms face the threat of quantum-based cracking. Remote secure communication for industrial terminals such as those in the power and water conservancy sectors urgently needs to be upgraded to quantum-resistant cryptographic systems. Currently, in data encryption transmission scenarios between hydropower terminals and central control rooms, some existing technologies simply employ post-quantum cryptography algorithms to achieve quantum-resistant public-key encryption. This involves generating the encryption key using specific mathematical algorithms to complete encrypted data transmission and ensure communication security.
[0003] When using this technical solution, key generation relies solely on the mathematical algorithm itself, lacking the support and enhancement of a true random entropy source at the physical layer, resulting in insufficient randomness in the encryption system. During long-term operation, and when facing targeted quantum attacks or algorithmic cracking, the security redundancy of the encryption system is insufficient to meet the high security requirements of remote communication in industrial terminals, easily leading to security risks such as encryption breaches and data leaks. Therefore, existing technologies suffer from low data encryption security. Summary of the Invention
[0004] To address the aforementioned shortcomings in existing technologies, this invention provides an encryption method that integrates quantum key distribution and post-quantum cryptography algorithms, solving the problem of low data encryption security in existing technologies.
[0005] To achieve the aforementioned objectives, the present invention employs the following technical solution: an encryption method integrating quantum key distribution and post-quantum cryptography, comprising the following steps:
[0006] S1. Generate the original quantum key using a QKD device with the BB84 protocol, and perform hash derivation to obtain the post-quantum public-private key generation seed, lattice noise scaling factor, and quantum-enhanced session base key;
[0007] S2. Based on the characteristics of the hydropower terminal operation data and the original quantum key, generate a quantum derived mask and XOR it with the data to be encrypted to obtain the quantum mask protected data.
[0008] S3. Based on the post-quantum public and private key generation seed, lattice noise scaling factor, quantum enhanced session base key and quantum mask protection data, generate the first part of ciphertext and the second part of ciphertext based on post-quantum encryption operation;
[0009] S4. Divide the original quantum key into multiple parts, obtain the quantum enhanced encryption value, perform perturbation encryption on the first part ciphertext and the second part ciphertext twice respectively, and XOR process to obtain the first part enhanced ciphertext and the second part enhanced ciphertext.
[0010] S5. Concatenate the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the check code, and transmit them to the central control room.
[0011] Furthermore, S1 includes the following sub-steps:
[0012] S11. Concatenate the original quantum key and the first fixed identifier bit and input them into the SHA3-256 hash function to obtain the seed for generating the subsequent quantum public and private keys;
[0013] S12. Concatenate the original quantum key and the second fixed identifier into the SHA3-256 hash function, and perform base conversion and modulo operation to obtain the lattice noise scaling factor;
[0014] S13. Concatenate the original quantum key, the unique identifier of the hydropower terminal, and the third fixed identifier bit and input them into the SHA3-256 hash function to obtain the quantum-enhanced session base key.
[0015] Furthermore, S2 includes the following sub-steps:
[0016] S21. Normalize the operation data collected by the hydropower terminal and then convert it into a bit string to obtain the data to be encrypted;
[0017] S22. Convert the mean, standard deviation, maximum and minimum values of the running data into strings, and concatenate them to obtain the mask identifier bits;
[0018] S23. Concatenate the mask identifier with the original quantum key and input it into the SHA3-256 hash function to obtain the quantum derived mask;
[0019] S24. Truncate or extend the quantum-derived mask to the same length as the data to be encrypted, and XOR it with the data to be encrypted to obtain the quantum-mask-protected data.
[0020] Furthermore, S3 includes the following sub-steps:
[0021] S31. Using the quantum public-private key generation seed as input, the CRYSTALS-Kyber key generation function is used to generate the quantum key pair and lattice basis matrix.
[0022] S32. Perform a bitwise XOR operation between the cyclically expanded quantum-enhanced session base key and the binary code corresponding to the public key in the subsequent quantum key pair to obtain the quantum-enhanced session key.
[0023] S33. Based on the lattice basis matrix and the lattice noise scaling factor, generate the first part of the ciphertext using post-quantum encryption operations;
[0024] S34. Based on the quantum mask protection data, the quantum enhanced session key, and the lattice noise scaling factor, generate the second part of the ciphertext using post-quantum encryption operations.
[0025] Furthermore, the formula for generating the first part of the ciphertext in S33 is:
[0026] ,
[0027] in, This is the first part of the ciphertext. For lattice basis matrices, A random vector generated for the hydropower terminal. The grid noise scaling factor, The first cell of noise vector, For modulo operation, The modulus in CRYSTALS-Kyber.
[0028] Furthermore, the formula for generating the second part of the ciphertext in S34 is:
[0029] ,
[0030] in, This is the second part of the ciphertext. To protect data using quantum masks, For public key, A random vector generated for the hydropower terminal. The grid noise scaling factor, The second cell noise vector, For quantum-enhanced session keys, For numerical vectorization processing, For modulo operation, The modulus in CRYSTALS-Kyber.
[0031] Furthermore, S4 includes the following sub-steps:
[0032] S41. Divide the original quantum key into 4 parts to obtain 4 quantum keys;
[0033] S42. Convert each quantum key into an integer to obtain 4 quantum-enhanced encryption values;
[0034] S43. The first part of the ciphertext is perturbed and encrypted twice using two quantum-enhanced encryption values, and then XORed to obtain the first part of the enhanced ciphertext.
[0035] S44. The second part of the ciphertext is perturbed and encrypted twice using two additional quantum-enhanced encryption values, and then XORed to obtain the second part of the enhanced ciphertext.
[0036] Furthermore, S43 includes the following sub-steps:
[0037] S431. Multiply the quantum-enhanced encryption value by the element number in the first part of the ciphertext to obtain the first perturbation bit;
[0038] S432. Encrypt the first part of the ciphertext using the quantum-enhanced encryption value, add the first perturbation bit, and obtain the first part of the candidate ciphertext;
[0039] S433. The first part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the first part of the enhanced ciphertext.
[0040] Furthermore, S44 includes the following sub-steps:
[0041] S441. Multiply the quantum-enhanced encryption value by the element number in the second part of the ciphertext to obtain the second perturbation bit;
[0042] S442. Encrypt the second part of the ciphertext using the quantum-enhanced encryption value, add the second perturbation bit, and obtain the second part of the candidate ciphertext;
[0043] S443. The second part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the second part of the enhanced ciphertext.
[0044] Furthermore, the formula for obtaining the first part of the candidate ciphertext in S432 is:
[0045] ,
[0046] in, The first candidate ciphertext One element, The first part of the ciphertext One element, The numbers are the element numbers in the first part of the ciphertext. To enhance the encryption value using quantum computing, This is the first perturbation position. For modulo operation, The modulus in CRYSTALS-Kyber;
[0047] The formula for obtaining the second part of the candidate ciphertext in S442 is:
[0048] ,
[0049] in, The second part of the candidate ciphertext One element, For the second part of the ciphertext, the first One element, The numbers are the element numbers in the second part of the ciphertext. This is the second perturbation bit.
[0050] The beneficial effects of this invention are as follows: This invention generates a raw quantum key with true randomness at the physical layer through a QKD device using the BB84 protocol. This key is then transformed into the key parameters required for post-quantum encryption through hash derivation, achieving deep integration of the quantum key and the post-quantum encryption algorithm. Furthermore, the security of the ciphertext is enhanced through quantum derivation mask XOR protection, double perturbation encryption, and XOR processing. At the same time, the integrity of data transmission is ensured by combining a check code. This invention makes up for the shortcoming of traditional post-quantum cryptographic algorithms that lack a true random entropy source, thereby improving the anti-attack capability and long-term operational security of the encryption system.
[0051] This invention significantly enhances the randomness and unpredictability of encryption keys by combining quantum keys generated by quantum key distribution (QKD) devices with post-quantum cryptographic algorithms. Compared with traditional encryption technologies that rely solely on mathematical algorithms, this combination provides stronger resistance to quantum cracking. Furthermore, the multiple encryption and perturbation processes applied to the ciphertext further improve the overall security of data encryption, forming multiple security safeguards. Attached Figure Description
[0052] Figure 1 This is a flowchart of an encryption method that integrates quantum key distribution and post-quantum cryptography algorithms. Detailed Implementation
[0053] The specific embodiments of the present invention are described below to enable those skilled in the art to understand the present invention. However, it should be understood that the present invention is not limited to the scope of the specific embodiments. For those skilled in the art, various changes are obvious as long as they are within the spirit and scope of the present invention as defined and determined by the appended claims. All inventions utilizing the concept of the present invention are protected.
[0054] like Figure 1 As shown, an encryption method integrating quantum key distribution and post-quantum cryptography includes the following steps:
[0055] S1. Generate the original quantum key using a QKD device with the BB84 protocol, and perform hash derivation to obtain the post-quantum public-private key generation seed, lattice noise scaling factor, and quantum-enhanced session base key;
[0056] S2. Based on the characteristics of the hydropower terminal operation data and the original quantum key, generate a quantum derived mask and XOR it with the data to be encrypted to obtain the quantum mask protected data.
[0057] S3. Based on the post-quantum public and private key generation seed, lattice noise scaling factor, quantum enhanced session base key and quantum mask protection data, generate the first part of ciphertext and the second part of ciphertext based on post-quantum encryption operation;
[0058] S4. Divide the original quantum key into multiple parts, obtain the quantum enhanced encryption value, perform perturbation encryption on the first part ciphertext and the second part ciphertext twice respectively, and XOR process to obtain the first part enhanced ciphertext and the second part enhanced ciphertext.
[0059] S5. Concatenate the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the check code, and transmit them to the central control room.
[0060] In this embodiment, S1 includes the following sub-steps:
[0061] S11. Concatenate the original quantum key and the first fixed identifier bit and input them into the SHA3-256 hash function to obtain the seed for generating the subsequent quantum public and private keys:
[0062] ,
[0063] in, Seeds are generated for post-quantum public-private key generation. For hash functions, The original quantum key, As the first fixed identifier, For splicing;
[0064] S12. Concatenate the original quantum key and the second fixed identifier bit into the SHA3-256 hash function, and perform base conversion and modulo operation to obtain the lattice noise scaling factor:
[0065] ,
[0066] in, The grid noise scaling factor, To convert binary to decimal, The modulus in CRYSTALS-Kyber. This is the second fixed identifier.
[0067] S13. Concatenate the original quantum key, the unique identifier of the hydropower terminal, and the third fixed identifier bit, and input them into the SHA3-256 hash function to obtain the quantum-enhanced session base key:
[0068] ,
[0069] in, For quantum-enhanced session base keys, This serves as the unique identifier for hydropower terminals. This is the third fixed identifier.
[0070] First fixed identifier Second fixed identifier Third fixed identifier position All of them are preset fixed constant strings. The value is 3329.
[0071] In this embodiment, S2 includes the following sub-steps:
[0072] S21. Normalize the operation data collected by the hydropower terminal and then convert it into a bit string to obtain the data to be encrypted;
[0073] S22. Convert the mean, standard deviation, maximum and minimum values of the running data into strings, and concatenate them to obtain the mask identifier bits;
[0074] S23. Concatenate the mask identifier with the original quantum key and input it into the SHA3-256 hash function to obtain the quantum derived mask;
[0075] S24. Truncate or extend the quantum-derived mask to the same length as the data to be encrypted, and XOR it with the data to be encrypted to obtain the quantum-mask-protected data.
[0076] In this embodiment, the formula for obtaining quantum mask-protected data is:
[0077] ,
[0078] in, To protect data using quantum masks, For the data to be encrypted, For mask identifier bits, To extract or loop to and Consistent length This is for XOR processing.
[0079] This invention first normalizes the hydropower terminal operation data and converts it into a bit string. Then, it extracts features such as the mean and standard deviation of the operation data and concatenates them into mask identifier bits. Combined with the original quantum key, a quantum derived mask is generated using the SHA3-256 hash function. After truncation or expansion, the quantum mask is XORed with the data to be encrypted to obtain the quantum mask protecting the data. This invention improves the security of the quantum derived mask through dynamically changing mask identifier bits and enhances the randomness of the mask by utilizing the characteristics of the hash function, thus achieving effective hiding of the data to be encrypted.
[0080] When the length of the quantum derived mask is less than the data to be encrypted, the quantum derived mask is cyclically expanded (repeatedly spliced) to make it consistent with the data to be encrypted. When the length of the quantum derived mask is greater than the data to be encrypted, the quantum derived mask is truncated to make it consistent with the data to be encrypted.
[0081] In this embodiment, S3 includes the following sub-steps:
[0082] S31. Using the quantum public-private key generation seed as input, the CRYSTALS-Kyber key generation function is used to generate the quantum key pair and lattice basis matrix:
[0083] ,
[0084] in, For lattice basis matrices, For public key, For private key, For CRYSTALS-Kyber key generation functions;
[0085] S32. Perform a bitwise XOR operation between the cyclically expanded quantum-enhanced session base key and the binary code corresponding to the public key in the subsequent quantum key pair to obtain the quantum-enhanced session key.
[0086] S33. Based on the lattice basis matrix and the lattice noise scaling factor, generate the first part of the ciphertext using post-quantum encryption operations;
[0087] S34. Based on the quantum mask protection data, the quantum enhanced session key, and the lattice noise scaling factor, generate the second part of the ciphertext using post-quantum encryption operations.
[0088] CRYSTALS-Kyber is a post-quantum cryptography key encapsulation mechanism based on the modular lattice problem. PQC_KeyGen is the key generation function built into the CRYSTALS-Kyber algorithm.
[0089] In the post-quantum key pair, the private key remains local, meaning it is used by the central control room during decryption.
[0090] In this embodiment, the formula for generating the first part of the ciphertext in S33 is:
[0091] ,
[0092] in, This is the first part of the ciphertext. For lattice basis matrices, A random vector generated for the hydropower terminal. The grid noise scaling factor, The first cell of noise vector, For modulo operation, The modulus in CRYSTALS-Kyber.
[0093] In this embodiment, the formula for generating the second part of the ciphertext in S34 is:
[0094] ,
[0095] in, This is the second part of the ciphertext. To protect data using quantum masks, For public key, A random vector generated for the hydropower terminal. The grid noise scaling factor, The second cell noise vector, For quantum-enhanced session keys, For numerical vectorization processing, For modulo operation, The modulus in CRYSTALS-Kyber. yes and Multiply each element one by one.
[0096] In this embodiment, the lattice basis matrix is The matrix, for column vectors, for column vectors, for Column vectors. for column vectors, for column vectors, and The numerical vectorization process is as follows: and Evenly divided Each binary sequence is converted to decimal to form a binary number. column vectors, for column vectors, This represents the data length.
[0097] In this embodiment, the random vector generated by the hydropower terminal The first noise vector is generated using a random number generator. Second grid noise vector It is generated from the discrete Gaussian noise distribution specified by CRYSTALS-Kyber.
[0098] The first part of the ciphertext generation formula introduces a lattice noise scaling factor and a lattice noise vector by combining a lattice basis matrix and a random vector, thereby enhancing the unpredictability and randomness of the encryption process and effectively improving the security of the encryption system. Secondly, the second part of the ciphertext generation further incorporates multiple encryption mechanisms, including quantum mask protection, public keys, and quantum-enhanced session keys, adding an extra layer of security to the encrypted data during transmission.
[0099] In this embodiment, S4 includes the following sub-steps:
[0100] S41. Divide the original quantum key into 4 parts (i.e., divide it into 4 segments) to obtain 4 quantum keys;
[0101] S42. Convert each quantum key into an integer to obtain 4 quantum-enhanced encryption values;
[0102] S43. The first part of the ciphertext is perturbed and encrypted twice using two quantum-enhanced encryption values, and then XORed to obtain the first part of the enhanced ciphertext.
[0103] S44. The second part of the ciphertext is perturbed and encrypted twice using two additional quantum-enhanced encryption values, and then XORed to obtain the second part of the enhanced ciphertext.
[0104] In this embodiment, the formula for converting to integers in S42 is:
[0105] ,
[0106] in, To enhance the encryption value using quantum computing, For quantum keys;
[0107] In this embodiment, S43 includes the following sub-steps:
[0108] S431. Multiply the quantum-enhanced encryption value by the element number in the first part of the ciphertext to obtain the first perturbation bit;
[0109] S432. Encrypt the first part of the ciphertext using the quantum-enhanced encryption value, add the first perturbation bit, and obtain the first part of the candidate ciphertext;
[0110] S433. The first part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the first part of the enhanced ciphertext.
[0111] In this embodiment, the formula for obtaining the first part of the candidate ciphertext in S432 is:
[0112] ,
[0113] in, The first candidate ciphertext One element, The first part of the ciphertext One element, The numbers are the element numbers in the first part of the ciphertext. To enhance the encryption value using quantum computing, This is the first perturbation position. For modulo operation, The modulus in CRYSTALS-Kyber;
[0114] In S43, each quantum-enhanced encryption value generates a first-part candidate ciphertext through S431 and S432. The two first-part candidate ciphertexts are converted into binary to obtain two first-part candidate ciphertext binary sequences. The two first-part candidate ciphertext binary sequences are then XORed bitwise to obtain the first-part enhanced ciphertext.
[0115] In this embodiment, S44 includes the following sub-steps:
[0116] S441. Multiply the quantum-enhanced encryption value by the element number in the second part of the ciphertext to obtain the second perturbation bit;
[0117] S442. Encrypt the second part of the ciphertext using the quantum-enhanced encryption value, add the second perturbation bit, and obtain the second part of the candidate ciphertext;
[0118] S443. The second part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the second part of the enhanced ciphertext.
[0119] The formula for obtaining the second part of the candidate ciphertext in S442 is:
[0120] ,
[0121] in, The second part of the candidate ciphertext One element, For the second part of the ciphertext, the first One element, The numbers are the element numbers in the second part of the ciphertext. This is the second perturbation bit.
[0122] In S44, each quantum-enhanced encryption value generates a second-part candidate ciphertext through S441 and S442. The two second-part candidate ciphertexts are converted into binary to obtain two binary sequences of second-part candidate ciphertexts. The two binary sequences of second-part candidate ciphertexts are then XORed bitwise to obtain the second-part enhanced ciphertext.
[0123] In this embodiment, the process of obtaining the verification code in S5 includes: obtaining the verification code by inputting the original quantum key into the SHA3-256 hash function. The verification code is used in the central control room to verify the integrity and authenticity of the received first part of the enhanced ciphertext and the second part of the enhanced ciphertext. The central control room compares the verification codes. If they match, it means that the ciphertext has not been tampered with or lost during transmission, ensuring the reliability of data transmission. If they do not match, transmission anomalies can be detected in time, avoiding the use of tampered or incomplete ciphertext for decryption, further ensuring the security of encrypted data transmission between the hydropower terminal and the central control room.
[0124] This invention splits the original quantum key into quantum-enhanced encryption values, and applies double perturbation encryption and XOR processing to the two parts of the ciphertext. Perturbation bits are generated by combining element numbers with the quantum-enhanced encryption values. This enhances the randomness and unpredictability of the ciphertext, effectively resisting targeted attacks, and also achieves layered enhanced protection, ensuring the independence and security of the two enhanced ciphertext parts. The combination of double perturbation encryption and XOR processing further conceals the ciphertext characteristics, reducing the risk of the ciphertext being cracked and analyzed.
[0125] This invention generates a raw quantum key with true physical layer randomness using a QKD device based on the BB84 protocol. This key is then hashed and transformed into the key parameters required for post-quantum encryption, achieving deep integration of the quantum key and the post-quantum encryption algorithm. Furthermore, the ciphertext security is enhanced through quantum derivation mask XOR protection, double perturbation encryption, and XOR processing. Simultaneously, a checksum ensures the integrity of data transmission. This invention overcomes the shortcoming of traditional post-quantum cryptography algorithms in lacking a true random entropy source, thereby improving the encryption system's resistance to attacks and long-term operational security.
[0126] This invention significantly enhances the randomness and unpredictability of encryption keys by combining quantum keys generated by quantum key distribution (QKD) devices with post-quantum cryptographic algorithms. Compared with traditional encryption technologies that rely solely on mathematical algorithms, this combination provides stronger resistance to quantum cracking. Furthermore, the multiple encryption and perturbation processes applied to the ciphertext further improve the overall security of data encryption, forming multiple security safeguards.
[0127] The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Various modifications and variations can be made to the present invention by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.
Claims
1. An encryption method integrating quantum key distribution and post-quantum cryptography, characterized in that, Includes the following steps: S1. Generate the original quantum key using a QKD device with the BB84 protocol, and perform hash derivation to obtain the post-quantum public-private key generation seed, lattice noise scaling factor, and quantum-enhanced session base key; S2. Based on the characteristics of the hydropower terminal operation data and the original quantum key, generate a quantum derived mask and XOR it with the data to be encrypted to obtain the quantum mask protected data. S3. Based on the post-quantum public and private key generation seed, lattice noise scaling factor, quantum enhanced session base key and quantum mask protection data, generate the first part of ciphertext and the second part of ciphertext based on post-quantum encryption operation; S4. Divide the original quantum key into multiple parts, obtain the quantum enhanced encryption value, perform perturbation encryption on the first part ciphertext and the second part ciphertext twice respectively, and XOR process to obtain the first part enhanced ciphertext and the second part enhanced ciphertext. S5. Concatenate the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the check code, and transmit them to the central control room; S1 includes the following steps: S11. Concatenate the original quantum key and the first fixed identifier bit and input them into the SHA3-256 hash function to obtain the seed for generating the subsequent quantum public and private keys; S12. Concatenate the original quantum key and the second fixed identifier into the SHA3-256 hash function, and perform base conversion and modulo operation to obtain the lattice noise scaling factor; S13. Concatenate the original quantum key, the unique identifier of the hydropower terminal, and the third fixed identifier bit and input them into the SHA3-256 hash function to obtain the quantum-enhanced session base key; S2 includes the following steps: S21. Normalize the operation data collected by the hydropower terminal and then convert it into a bit string to obtain the data to be encrypted; S22. Convert the mean, standard deviation, maximum and minimum values of the running data into strings, and concatenate them to obtain the mask identifier bits; S23. Concatenate the mask identifier with the original quantum key and input it into the SHA3-256 hash function to obtain the quantum derived mask; S24. Truncate or extend the quantum-derived mask to the same length as the data to be encrypted, and XOR it with the data to be encrypted to obtain the quantum mask-protected data. S3 includes the following steps: S31. Using the quantum public-private key generation seed as input, the CRYSTALS-Kyber key generation function is used to generate the quantum key pair and lattice basis matrix. S32. Perform a bitwise XOR operation between the cyclically expanded quantum-enhanced session base key and the binary code corresponding to the public key in the subsequent quantum key pair to obtain the quantum-enhanced session key. S33. Based on the lattice basis matrix and the lattice noise scaling factor, generate the first part of the ciphertext using post-quantum encryption operations; S34. Based on the quantum mask protection data, the quantum enhanced session key, and the lattice noise scaling factor, generate the second part of the ciphertext based on the post-quantum encryption operation; S4 includes the following sub-steps: S41. Divide the original quantum key into 4 parts to obtain 4 quantum keys; S42. Convert each quantum key into an integer to obtain 4 quantum-enhanced encryption values; S43. The first part of the ciphertext is perturbed and encrypted twice using two quantum-enhanced encryption values, and then XORed to obtain the first part of the enhanced ciphertext. S44. The second part of the ciphertext is perturbed and encrypted twice using two additional quantum-enhanced encryption values, and then XORed to obtain the second part of the enhanced ciphertext.
2. The encryption method combining quantum key distribution and post-quantum cryptography algorithm according to claim 1, characterized in that, The formula for generating the first part of the ciphertext in S33 is as follows: , in, This is the first part of the ciphertext. For lattice basis matrices, A random vector generated for the hydropower terminal. The grid noise scaling factor, The first cell of noise vector, For modulo operation, The modulus in CRYSTALS-Kyber.
3. The encryption method combining quantum key distribution and post-quantum cryptography algorithm according to claim 1, characterized in that, The formula for generating the second part of the ciphertext in S34 is as follows: , in, This is the second part of the ciphertext. To protect data using quantum masks, For public key, A random vector generated for the hydropower terminal. The grid noise scaling factor, The second cell noise vector, For quantum-enhanced session keys, For numerical vectorization processing, For modulo operation, The modulus in CRYSTALS-Kyber.
4. The encryption method combining quantum key distribution and post-quantum cryptography algorithm according to claim 1, characterized in that, S43 includes the following sub-steps: S431. Multiply the quantum-enhanced encryption value by the element number in the first part of the ciphertext to obtain the first perturbation bit; S432. Encrypt the first part of the ciphertext using the quantum-enhanced encryption value, add the first perturbation bit, and obtain the first part of the candidate ciphertext; S433. The first part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the first part of the enhanced ciphertext.
5. The encryption method combining quantum key distribution and post-quantum cryptography algorithm according to claim 4, characterized in that, S44 includes the following sub-steps: S441. Multiply the quantum-enhanced encryption value by the element number in the second part of the ciphertext to obtain the second perturbation bit; S442. Encrypt the second part of the ciphertext using the quantum-enhanced encryption value, add the second perturbation bit, and obtain the second part of the candidate ciphertext; S443. The second part of the candidate ciphertext generated based on the two quantum enhanced encryption values is converted into binary and then XORed to obtain the second part of the enhanced ciphertext.
6. The encryption method combining quantum key distribution and post-quantum cryptography algorithm according to claim 5, characterized in that, The formula for obtaining the first part of the candidate ciphertext in S432 is: , in, The first candidate ciphertext One element, The first part of the ciphertext One element, The numbers are the element numbers in the first part of the ciphertext. To enhance the encryption value using quantum computing, This is the first perturbation position. For modulo operation, The modulus in CRYSTALS-Kyber; The formula for obtaining the second part of the candidate ciphertext in S442 is: , in, The second part of the candidate ciphertext One element, For the second part of the ciphertext, the first One element, The numbers are the element numbers in the second part of the ciphertext. This is the second perturbation bit.